Solved

I am working on a Juniper-NS5GT  firewall and I need to port foward 3389 to a client machine

Posted on 2009-05-19
8
667 Views
Last Modified: 2013-11-16
I have a third party app company who is going to need to get into a machine
To make it easier for you guys  here is the IP of the router 192.168.7.1
here is the IP address of the client Machine 192.168.7.56
Please advise on this thank you and I ask for no KB articles just simple answers as I am under the GUN to get this done
0
Comment
Question by:explorer648
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
8 Comments
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425484
Try this:

Go to Objects ->Services -> Custom
Create a new service for TCP port 3389

Create a policy from Untrust to Trust
Source Address - Any or if you know the IP of your partner
Destination Address - 192.168.7.56
Service - Custom Service
Action - Permit
Check logging and at session beginning (Optional)

I think that should do it
0
 

Author Comment

by:explorer648
ID: 24425688
Umm tried it and after i did it it does not work?
here is the screen shots



policy-page.bmp
PORT.bmp
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425978
My bad, i was wrong on the destination setup.

Create a Address list called VIP TS
Assign your public IP

In Network -> Interfaces
Edit your public interface

Goto VIP properties
Create new VIP service
Assign port 3389 to 192.168.7.56

Now set your destination address in your policy as VIP TS
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 6

Expert Comment

by:drewha1969
ID: 24425997
PS  Setup your VIP TS as a Global address
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24426866
As a side note, this should work, as we have it done this way to pass port 80 to our webserver, however I am definitely not a security guru and am not sure of all the ramifications of opening up a desktop to the internet on that port.  As far as i know, if the machine has strong passwords, it should be safe, but again, I am no guru.

To clarify and make sure I have given you the correct information, it sounds like you do not have a VPN setup between your 2 networks and you are trying to connect over the internet.  If so, setting up the destination as I have described above should work.
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24431253
I feel I may have been rushing through the VIP part and left out some details so:

Network -> Interfaces
Edit Public Interface (Usually Ethernet 3)
VIP
If no previous entries, follow the next step, else skip to New VIP Service
Add/Modify VIP entry -> select "Same as the untrusted interface IP address" -> Add

New VIP Service
Virtual IP -> Public IP
Virtual Port -> 3389
Map to Service -> Custom service (TS) 3389
Map to IP -> 192.168.7.56
Check Server Autodetection

0
 
LVL 6

Accepted Solution

by:
drewha1969 earned 500 total points
ID: 24431285
Sorry again, set the netmask as 32 for your global address.
VIP TS = PublicIP/32
0
 

Author Comment

by:explorer648
ID: 24606965
I have not had a chance to try this new solution yet I will try it and see where it takes me
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question